package ua.kharkov.knure.dereza.summarytask4.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import ua.kharkov.knure.dereza.summarytask4.core.Constants;
import ua.kharkov.knure.dereza.summarytask4.db.bean.ClientBean;

/**
 * Servlet Filter implementation class SecyrityFilter
 * 
 * @author dereza
 */
public class SecyrityFilter implements Filter {

	private static final Logger log = Logger.getLogger(SecyrityFilter.class);

	/**
	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
	 */
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		log.debug("Security filter started");
		HttpServletRequest httpServletRequest = (HttpServletRequest) request;

		// get session
		HttpSession session = httpServletRequest.getSession(true);
		// gets ClientBean from session
		ClientBean clientBean = (ClientBean) session.getAttribute("clientbean");

		// get query string
		String URI = httpServletRequest.getRequestURI();
		log.trace("Query string --> " + URI);

		// we always grant access to common resource
		if (URI.startsWith(Constants.RESOURCES_CSS)
				|| URI.startsWith(Constants.RESOURCES_CSS_BACKGROUND)
				|| URI.startsWith(Constants.RESOURCES_JS)
				|| URI.startsWith(Constants.APPLICATION_NAME + "controller")) {
			log.trace("Access to common recources permitted");
			log.debug("Security filter finished");
			chain.doFilter(request, response);
			return;
		}
		
		// if there is no valid clientBean
		if (clientBean == null || (clientBean == null && URI.equalsIgnoreCase(Constants.APPLICATION_NAME))) {
			
			// and forward to the login page
			httpServletRequest.getRequestDispatcher(Constants.PAGE_LOGIN).forward(request,
						response);
			log.trace("Forward to login page");
			log.debug("Security filter finished");
			return;
		}
		
		// if command is empty and client has clientBean
		String command = (String)request.getAttribute("command");
		String role = clientBean.getRole();
		String client = clientBean.getLogin();
		if(command == null){
			if(role.equals(Constants.ADMIN)){
				httpServletRequest.getRequestDispatcher(Constants.COMMAND_ADMIN_LIST_CARDS).forward(request,
						response);
				log.trace("Command is null. " + client + "forward to admin list cards");
				log.debug("Security filter finished");
				return;
			}
			if(role.equals(Constants.CLIENT)){
				httpServletRequest.getRequestDispatcher(Constants.COMMAND_CLIENT_LIST_CARDS).forward(request,
						response);
				log.trace("Command is null. " + client + "forward to client list cards");
				log.debug("Security filter finished");
				return;
			}
		}
		
		// otherwise go further
		log.debug("Security filter finished");
		chain.doFilter(request, response);
	}

	/**
	 * @see Filter#init(FilterConfig)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
	}
	
	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {
	}
}